Kernel Protection Against Just-In-Time Code Reuse
Abstract
The abundance of memory corruption and disclosure vulnerabilities in kernel code necessitates the deployment of hardening techniques to prevent privilege escalation attacks. As stricter memory isolation mechanisms between the kernel and user space become commonplace, attackers increasingly rely on code reuse techniques to exploit kernel vulnerabilities. Unlike similar attacks in more restrictive settings, such as web browsers, in kernel exploitation non-privileged local adversaries have great flexibility in abusing memory disclosure vulnerabilities to dynamically discover, or infer, the location of code snippets in order to construct code-reuse payloads. Recent studies have shown that the coupling of code diversification with the enforcement of a “read XOR execute” (R^X) memory safety policy is an effective defense against the exploitation of userland software, but so far this approach has not been applied for the protection of the kernel itself.
Document Details
- Document Type: Pub Defense Publication
- Publication Date: Jan 04, 2019
- Source ID: 10.1145/3277592
Entities
People
- Angelos D. Keromytis
- Marios Pomonis
- Michalis Polychronakis
- Theofilos Petsios
- Vasileios P. Kemerlis
Organizations
- Brown University
- Columbia University
- Defense Advanced Research Projects Agency
- Georgia Tech
- National Science Foundation
- Office of Naval Research
- Stony Brook University